Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

---------------------------------------------------------------------------------------------Please some help would be appreciated. I have already tried many anti-spyware software.When I remove the mIRC program and clean the registry and INI run program (mirc), then the Virus Scan of Mcafee detects again the same trojan (nicks.txt, IRC/Flood.am). Where is it hide?

Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Archivos de programa\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exeC:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exeC:\Archivos de programa\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exeC:\Archivos de programa\Archivos comunes\Acronis\Schedule2\schedul2.exeC:\Archivos de programa\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\cisvc.exeC:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Archivos de programa\Lan Core\lanserv.exeC:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exeC:\Archivos de programa\Network Associates\VirusScan\Mcshield.exec:\ARCHIV~1\LANCOR~1\bootcore.exec:\ARCHIV~1\LANCOR~1\bootcore.exeC:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exeC:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exec:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\WINDOWS\system32\stacsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\Archivos de programa\TortoiseSVN\bin\TSVNCache.exeC:\Archivos de programa\Dell\QuickSet\quickset.exeC:\Archivos de programa\Intel\Wireless\bin\ZCfgSvc.exeC:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exeC:\Archivos de programa\Windows Defender\MSASCui.exeC:\Archivos de programa\Acronis\TrueImage\TrueImageMonitor.exeC:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXEC:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exeC:\Archivos de programa\Archivos comunes\Network Associates\TalkBack\TBMon.exeC:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exeC:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\ISUSPM.exeC:\WINDOWS\system32\ctfmon.exeC:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exeC:\WINDOWS\system32\wuauclt.exeC:\Archivos de programa\Intel\Wireless\Bin\Dot1XCfg.exeC:\Archivos de programa\Mozilla Firefox\firefox.exeC:\Documents and Settings\domingo.VISUAL_TOOLS\Configuración local\Datos de programa\Google\Google Talk Plugin\googletalkplugin.exeC:\Download\Protección del Sistema\HijackThis.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\system32\cidaemon.exe

Hi dlopez,Unfortunately, you have a very dangerous infection called IRC.Flood.xx, with "backdoor" capabilities. This can give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.You are strongly advised to do the following immediately:

Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.

Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Because of the infection's backdoor functionality(i.e., remote control capability), the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned" and reconnected to the internet. (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).

If you do not have the resources to reinstall your Windows Operating System and would like me to attempt to clean your machine, I will be happy to do so. This is your choice to make.The following articles may be of assistance in your decision:

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.